certificate issuing for mail list users

Paul Schmehl pauls at utdallas.edu
Fri Apr 27 16:57:27 UTC 2007

--On Friday, April 27, 2007 09:52:44 -0700 David Southwell 
<david at vizion2000.net> wrote:
> I think I may not have been clear on this posting because you seem to be
> misunderstanding my question. I have been very appreciative of the
> responses  I have received.
> I now moving on from that point and want to know if someone has built a
> web  interface that enables people to request certificates and supply
> them so as  to integrate certificate issuing into the total problem
> solution.

Yes.  Verisign has.  It sucks, although for the purpose for which you 
intend to use it, it would suck less.

I'm assuming you want to issue a single cert to each user, not separate 
signing and encryption certs?

Verisign has two ways that you can do that.

You can use their servers, which requires that the administrators intervene 
with each request for a cert.  This is not burdensome if you're only going 
to be issuing a few dozen certs.  If you're going to be issuing hundreds, 
you want to avoid this system.

You can install your own, locally-hosted, certificate system.  So long as 
all you're doing is issuing certs, and you're not trying to intergrate with 
Exchange, that system works fine.  The Exchange integration is extremely 
fragile and breaks in interesting ways that are difficult to troubleshoot.

There may be other competitors now, but I am not aware of them.

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas

More information about the freebsd-ports mailing list